Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Kaplan
Contributor

decreypt pcap with wireshark

Dear People,

 

i have a problem, that I can decrypt the pcap file in Headquarter Fortigate but in Branch only on ISP Router  and not behind of ISP Router on Fortigate Packet Capture.

 

FGHQ-->ISP-Router ----------------ISP-Router<--Fortigate Branch

 

Did somebody know why?

4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Hello Kaplan,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello Kaplan,

 

I have found this KB article:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-decrypt-IPSec-Phase-2-ISAKMP-packet...

 

Could you please tell me if it helps?

 

Regards,

Anthony-Fortinet Community Team.
Markus_M
Staff
Staff

Hi Kaplan,

 

it will help to understand what you are actually trying to decrypt/decode. Is it IPsec traffic as Anthony guessed, or are you trying to decode a "sniffer 6" packet capture?

 

Best regards,

 

Markus

Kaplan
Contributor

Hello Markus,
thax for your help.It is the IPSEC traffic.
I tried it to decrypt with dia vpn tunnel list name VPNTU
I could decrypt it in one side,but not on other side.I will try with the article.
sniffer with 6 with same result

 

Thanx a lot

Labels
Top Kudoed Authors